WordPress Vulnerability Daily Update

WP Plugin Vulnerabilities Image - Bold Page Builder Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting via Icon Link - CVE-2024-1160 |WordPress Plugin Vulnerability Report - Vulnerabilities

Bold Page Builder Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting via Icon Link – CVE-2024-1160 |WordPress Plugin Vulnerability Report

February 12, 2024

Plugin Name: Bold Page Builder Key Information: Software Type: Plugin Software Slug: bold-page-builder Software Status: Active Software Author: boldthemes Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Booster for WooCommerce Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting - CVE-2024-1054 |WordPress Plugin Vulnerability Report - Vulnerabilities

Booster for WooCommerce Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1054 |WordPress Plugin Vulnerability Report

February 12, 2024

Posted in Vulnerabilities, Security

Plugin Name: Booster for WooCommerce Key Information: Software Type: Plugin Software Slug: woocommerce-jetpack Software Status: Active Software Author: pluggabl Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Essential Addons for Elementor Vulnerability– Best Elementor Templates, Widgets, Kits & WooCommerce Builders - Authenticated (Contributor+) Stored Cross-Site Scripting - CVE-2024-1236 | WordPress Plugin Vulnerability Report - Vulnerabilities

Essential Addons for Elementor Vulnerability– Best Elementor Templates, Widgets, Kits & WooCommerce Builders – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1236 | WordPress Plugin Vulnerability Report

February 12, 2024

Posted in Security, Vulnerabilities

Plugin Name: Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders Key Information: Software Type: Plugin…

Read about this Latest WordPress Vulnerability

RSS Aggregator by Feedzy Vulnerability– Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator – Missing Authorization to Arbitrary Page Creation and Publication – CVE-2024-1318 | WordPress Plugin Vulnerability Report

February 9, 2024

Posted in Security, Vulnerabilities

Plugin Name: RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator Key Information: Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Insert PHP Code Snippet Vulnerability - Authenticated (Admin+) Stored Cross-Site Scripting - CVE-2024-0658 |WordPress Plugin Vulnerability Report - Vulnerabilities

Insert PHP Code Snippet Vulnerability – Authenticated (Admin+) Stored Cross-Site Scripting – CVE-2024-0658 |WordPress Plugin Vulnerability Report

February 9, 2024

Posted in Vulnerabilities, Security

Plugin Name: Insert PHP Code Snippet Key Information: Software Type: Plugin Software Slug: insert-php-code-snippet Software Status: Active Software Author: f1logic…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Login Lockdown Vulnerability– Protect Login Form - Missing Authorization - CVE-2024-1340 | WordPress Plugin Vulnerability Report - Vulnerabilities

Login Lockdown Vulnerability– Protect Login Form – Missing Authorization – CVE-2024-1340 | WordPress Plugin Vulnerability Report

February 9, 2024

Posted in Vulnerabilities, Security

Plugin Name: Login Lockdown – Protect Login Form Key Information: Software Type: Plugin Software Slug: login-lockdown Software Status: Active Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - WP Booking Calendar Vulnerability- Unauthenticated SQL Injection - CVE-2024-1207 | WordPress Plugin Vulnerability Report - Vulnerabilities

WP Booking Calendar Vulnerability- Unauthenticated SQL Injection – CVE-2024-1207 | WordPress Plugin Vulnerability Report

February 7, 2024

Posted in Vulnerabilities, Security

Plugin Name: WP Booking Calendar Key Information: Software Type: Plugin Software Slug: booking Software Status: Active Software Author: wpdevelop Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - WP Recipe Maker Vulnerability- Missing Authorization to Authenticated SQL Injection - CVE-2024-1206 |WordPress Plugin Vulnerability Report - Vulnerabilities

WP Recipe Maker Vulnerability- Missing Authorization to Authenticated SQL Injection – CVE-2024-1206 |WordPress Plugin Vulnerability Report

February 7, 2024

Posted in Vulnerabilities, Security

Plugin Name: WP Recipe Maker Key Information: Software Type: Plugin Software Slug: wp-recipe-maker Software Status: Active Software Author: brechtvds Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - WP Shortcodes Plugin Vulnerability— Shortcodes Ultimate - Authenticated Stored Cross-Site Scripting via shortcode - CVE-2024-0792 |WordPress Plugin Vulnerability Report - Vulnerabilities

WP Shortcodes Plugin Vulnerability— Shortcodes Ultimate – Authenticated Stored Cross-Site Scripting via shortcode – CVE-2024-0792 |WordPress Plugin Vulnerability Report

February 7, 2024

Posted in Vulnerabilities, Security

Plugin Name: WP Shortcodes Plugin – Shortcodes Ultimate Key Information: Software Type: Plugin Software Slug: shortcodes-ultimate Software Status: Active Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - RSS Aggregator Vulnerability– RSS Import, News Feeds, Feed to Post, and Autoblogging - Authenticated (Admin+) Server-Side Request Forgery via RSS Feed Source - CVE-2024-0628 | WordPress Plugin Vulnerability Report - Vulnerabilities

RSS Aggregator Vulnerability– RSS Import, News Feeds, Feed to Post, and Autoblogging – Authenticated (Admin+) Server-Side Request Forgery via RSS Feed Source – CVE-2024-0628 | WordPress Plugin Vulnerability Report

February 6, 2024

Posted in Vulnerabilities, Security

Plugin Name: RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging Key Information: Software Type: Plugin Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Starbox Vulnerability– the Author Box for Humans - Authenticated (Subscriber+) Stored Cross-Site Scripting via Job Settings - CVE-2023-6806 | WordPress Plugin Vulnerability Report - Vulnerabilities

Starbox Vulnerability– the Author Box for Humans – Authenticated (Subscriber+) Stored Cross-Site Scripting via Job Settings – CVE-2023-6806 | WordPress Plugin Vulnerability Report

February 6, 2024

Posted in Vulnerabilities, Security

Plugin Name: Starbox – the Author Box for Humans Key Information: Software Type: Plugin Software Slug: starbox Software Status: Active…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - AMP for WP Vulnerability– Accelerated Mobile Pages - Authenticated Arbitrary Post Deletion via amppb_remove_saved_layout_data - CVE-2024-1043 |WordPress Plugin Vulnerability Report - Vulnerabilities

AMP for WP Vulnerability– Accelerated Mobile Pages – Authenticated Arbitrary Post Deletion via amppb_remove_saved_layout_data – CVE-2024-1043 |WordPress Plugin Vulnerability Report

February 6, 2024

Posted in Vulnerabilities, Security

Key Information: Software Type: Plugin Software Slug: accelerated-mobile-pages Software Status: Active Software Author: mohammed_kaludi Software Downloads: 17,665,548 Active Installs: 100,000…

Read about this Latest WordPress Vulnerability

Bold Page Builder Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting via Icon Link – CVE-2024-1160 |WordPress Plugin Vulnerability Report

Booster for WooCommerce Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1054 |WordPress Plugin Vulnerability Report

Essential Addons for Elementor Vulnerability– Best Elementor Templates, Widgets, Kits & WooCommerce Builders – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1236 | WordPress Plugin Vulnerability Report

RSS Aggregator by Feedzy Vulnerability– Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator – Missing Authorization to Arbitrary Page Creation and Publication – CVE-2024-1318 | WordPress Plugin Vulnerability Report

Insert PHP Code Snippet Vulnerability – Authenticated (Admin+) Stored Cross-Site Scripting – CVE-2024-0658 |WordPress Plugin Vulnerability Report

WP Booking Calendar Vulnerability- Unauthenticated SQL Injection – CVE-2024-1207 | WordPress Plugin Vulnerability Report

WP Recipe Maker Vulnerability- Missing Authorization to Authenticated SQL Injection – CVE-2024-1206 |WordPress Plugin Vulnerability Report

WP Shortcodes Plugin Vulnerability— Shortcodes Ultimate – Authenticated Stored Cross-Site Scripting via shortcode – CVE-2024-0792 |WordPress Plugin Vulnerability Report

RSS Aggregator Vulnerability– RSS Import, News Feeds, Feed to Post, and Autoblogging – Authenticated (Admin+) Server-Side Request Forgery via RSS Feed Source – CVE-2024-0628 | WordPress Plugin Vulnerability Report

Starbox Vulnerability– the Author Box for Humans – Authenticated (Subscriber+) Stored Cross-Site Scripting via Job Settings – CVE-2023-6806 | WordPress Plugin Vulnerability Report

AMP for WP Vulnerability– Accelerated Mobile Pages – Authenticated Arbitrary Post Deletion via amppb_remove_saved_layout_data – CVE-2024-1043 |WordPress Plugin Vulnerability Report

Recent Blog Posts

Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App Vulnerability – Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure – CVE: NA | WordPress Plugin Vulnerability Report

SiteSEO – SEO Simplified Vulnerability – Missing Authorization to Authenticated (Author+) Plugin Settings Update – CVE-2025-12367 | WordPress Plugin Vulnerability Report

Qi Blocks Vulnerability – Missing Authorization to Authenticated (Contributor+) Plugin Settings Update – CVE-2025-12180 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy